I have seen a few machines that are hacked with IRC bots. When i sniff or check out the config files for these bots, I will sometimes follow them to the server they are connected to and join the channel.

One of the things that I see when I join the channel, are obviously quite a few bots, but also the fact that if i do a whois on their nick, I dont see their hostname or ip address.

Most of these bots are generally mirc from my experience with them. Yet I am pretty sure IRC does not have the ability to hide your ip address.

How are these bots doing it? For exmaple when i check a whois the bot will look something like:

alot more effective ways to get the bot's ip than to get packeted....if you have there binary just sniff em till u figure out how they work and the password...once have password could make em download something off ur site and view ur apache logs...alot of times the botnet will be running on compramised machine, could own the ircd and packet sniff the whole ircd...or find out who owner of the box is and talk to them about which also works very well...gettin DDoS isn't cool at all...laters

hi, im a newbie with security. i use irc often.. may i know what are these bots you are referring to? are these computers infected with some sort of trojan? i would appreciate it if someone can explain this thread's 1st post.. thanks!

you can either run a thing called a bnc (google psybnc) this then lets you create your own "vhost" thats what the funny things after the name are on connection.

Some servers help and hide your ip, while others just show it, look into psybnc, many folk host bnc's on sql shells which are cheap as hell, many hackers actually use the machines they hack to install bots for example , hacker install bots, and connects via his irc client to the bot, then bot to irc server thus he gets all options and even if ip was showing, it aint theirs.

Hello pinglacson, I would like to suggest that it would be simpler to google for "irc bots" "hackers" or some such search string. The questions you are posing are wide ranging and cannot be answered in a simple sentence or two. Once you have read some material on the subject you have rasied, and would like some clarification please come back and post the questions in this thread or start a newer one which is more pointed. Remember google is your friend!